How do you build a community? Federate!
In OCS 2007 you have the ability to federate with other schools, other companies (including Microsoft), and federate with Public IM (AOL, MSN, and Yahoo). Some of our OCS customers have federated with the Microsoft team and we have them in our contact list. It's a great way to extend your communications. We did a roundtable event last month where customers shared information about who was federated. We will open this topic up at our next Roundtable at Educause. We are looking for a way to post who is federated. Any volunteers?
University of Kentucky has federated and posted info on how to communicate with them: http://wiki.uky.edu/ocs/Wiki%20Pages/Federation%20Partners.aspx
So how do I federate? http://technet.microsoft.com/en-us/library/bb663635.aspx
To federate with Microsoft please contact your Account Team.
What are your message record retention policies? Some customers I've worked with are very hesitant to store voicemail and email on the same system. They are fearful that this would provide them with a legal or retention problem. If you have obligations to retain voicemail messages then it doesn't matter where these messages are stored. Another perspective would be if you didn't retain them prior to Unified Messaging with Exchange then storing them on Exchange doesn't change that. Basically - your policy stays the same.
We did work with a law firm to study this problem and here is their whitepaper: http://www.microsoft.com/exchange/evaluation/unifiedmessaging/dataretentionwp.mspx
Exchange does provide you with some tools to set up compliance and retention policies around Unified Messaging. You can set up policies that prevent voicemail from leaving campus via a transport rule. Journaling of voicemail can be set up to be retained or skipped for the campus. For example, to skip journaling of voicemail:
Set-TransportConfig -VoicemailJournalingEnabled $False
How about disclaimers? You can set them up for UM this way:
Set-UMMailboxPolicy -identity MyUMMailboxPolicy -VoiceMailText "Voicemail is retained at XYZ University for 30 days."
Have you noticed it takes quite a long time to open up the Exchange command shell? I timed it and it takes anywhere from 20 to 30 seconds to launch. I found a way to knock this down to 2-3 seconds. This script updates the GAC with some of the Exchange assemblies and makes Command Shell respond well.
1) Paste the following in notepad and save it as Update-shell.ps1 (or whatever name you want):
Set-Alias ngen @(
dir (join-path ${env:\windir} "Microsoft.NET\Framework64") ngen.exe -recurse |
sort -descending lastwritetime
)[0].fullName
[appdomain]::currentdomain.getassemblies() | %{ngen $_.location}
Note: On x86 systems, replace Framework64 in the second line of this script with Framework.
2) [Optional] Close all open windows
3) [Optional] Start the Exchange Management Shell and note the time it takes to start up
4) Run the script: .\Update-shell.ps1 (or whatever you saved it as)
5) Quit all open windows, start the Shell. This fix rocks.
I had this question today from a large University in the Midwest and after some digging I found the answer to this is yes:
Here are the steps to do this:
1) Create two Universal security admin groups in ADUC such as OCSserverPool1group and OCSserverPool2group
2) Add the various pool administrators to the correct group
3) Create two OUs in ADUC such as Pool1Servers and Pool2servers
4) Move all Pool1 OCS servers to the Pool1servers OU and all Pool2 OCS servers to the Pool2servers OU
5) Log on to the OCS server you would like to delegate with either Domain Admins or RTCUniversalServerAdmins rights
6) Run the following command from the command line, like this sample:
"C:\Program Files\Common Files\Microsoft Office Communications Server 2007\LCSCmd.exe" /domain:ocstest.loc /action:createdelegation /delegation:useradmin /trusteegroup:OCSserverPool1group
/trusteedomain:ocstest.loc /serviceaccount:rtcservice /componentserviceaccount:rtccomponentservice
/computerOU:ou=ocspool1,dc=ocstest,dc=loc /userOU:ou=students,dc=ocstest,dc=loc /usertype:user
/poolname:ocssa.ocstest.loc
More info around the command syntax:
LcsCmd /Domain[:<domain FQDN>] /Action:CreateDelegation /Delegation:ServerAdmin /TrusteeGroup:<name of the universal group that you will delegate to>
/TrusteeDomain: <FQDN of the domain where the trustee group resides>
/ServiceAccount:<RTC service account name>
/ComponentServiceAccount:<RTC component service account name>
/ComputerOU:<DN of the OU or container where the computer objects that run Office Communications Server reside>
/PoolName:<Name of an Enterprise pool or Standard Edition server>
[/ExtraServers:<FQDN of server1, FQDN of server2>]
Where:
TrusteeGroup is the group to which you are granting permissions.
TrusteeDomain is the domain in which the trustee group resides.
ServiceAccount is the RTC service account name.
ComponentServiceAccount is the RTC component service account name.
ComputerOU specifies the DN of the organizational unit containing the computer running the server to which you are granting administrative permissions.
PoolName specifies the name of the Standard Edition server or Enterprise pool in which the trustee group can administer servers. It adds the trustee group to the Local Administrators group of each computer in the pool, to the AdminRole of the RTC database, and to the ReadWriteRole of the RTCConfig database on the SQL Server back-end database server.
ExtraServers specifies a comma separated list of FQDNs of computers that are not part of a pool to which the trustee group requires access. You can enter the FQDN of Archiving and CDR Servers, Mediation Servers, or the internal FQDN of edge servers.
For more information on OCS server delegation see the OCS Active Directory Guide here.
Mark and I run into this problem in HiED often. We want to deploy but we are completely decentralized. Each department runs their own gear. We may have a central AD infrastructure but this model has been built for delegation. Each school/Dept is in charge of their own servers.
That being said, how do I deploy OCS when I know I won't manage servers X, Y, and Z? The first area to tackle is Installation and Delegation. What if you aren't a Domain Admin? The Central IT team can delegate the responsibility for you to deploy and activate OCS via the deployment wizard or via the command line. With this tool the users don't get elevated to domain admin; they get only the subset of permissions necessary for OCS setup and deployment.
The user must have the following:
1. Delegated Permission for Installation
2. Local Admin on server to be installed
3. Local Admin on the back-end (BE) SQL Server for Enterprise installations.
To delegate setup tasks
Start setup and do your typical deployment, whether Standard or Enterprise. When you get to the Delegation Setup and Admin page, select Delegate Setup Tasks and click Run. This gives you the option to select the "trustee domain", which is the domain that contains the group to which you want to delegate permissions. Enter the name of the group you want to delegate permissions to (this group must be universal or global). You also need to define the location of the computer objects where the OCS server will be deployed, that is, the distinguished name of the OU or container holding that computer.
One step often missed is to make sure you add the trustee group to the local Administrators group on the server where you want to install OCS and to the local Administrators group on any BE SQL database servers.
Also, in the case that Authenticated Users permissions have been removed, you must add this new setup task group to RTCUniversalServerAdmins or manually grant Read permissions to the following containers in the forest root:
· Forest root domain
· Forest root domain System container
· Root of the domain where permissions are delegated
· Parent containers of computer objects and service account objects
When complete you can use whoami.exe /all and the output should be like this:
Everyone Well-known group S-1-1-0
BUILTIN\Administrators Alias S-1-5-32-544
BUILTIN\Users Alias S-1-5-32-545
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11
NT AUTHORITY\This Organization Well-known group S-1-5-15
LOCAL Well-known group S-1-2-0
FABRIKAM\RTCUniversalUserReadOnlyGroup Group S-1-5-21-4264192570-
FABRIKAM\RTCUniversalGlobalWriteGroup Group S-1-5-21-4264192570-
FABRIKAM\RTCUniversalGlobalReadOnlyGroup S-1-5-21-4264192570-
FABRIKAM\RTCUniversalServerReadOnlyGroup S-1-5-21-4264192570-
FABRIKAM\delegatedLSSetup Group S-1-5-21-4264192570-
FABRIKAM\RTCUniversalServerAdmins Group S-1-5-21-4264192570-
FABRIKAM\CERTSVC_DCOM_ACCESS Alias S-1-5-21-4264192570-
You can also use LCSCMD to set up trustee groups and permissions for installation/activation. Next time we'll talk about Server and User Admins.
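The whoami check described above can be scripted so that it also confirms the delegate was not given domain-wide rights. This PowerShell is an added example, not code from the original post: it assumes English-locale `whoami /groups /fo csv` output, the sample rows and their SIDs are constructed placeholders, and the function name Test-OcsDelegatedToken is hypothetical.

```powershell
# Added example: audit a token's groups against the delegation model described above.
# Constructed sample rows in the shape of `whoami /groups /fo csv` (English locale).
# The SIDs are placeholders, not values taken from the page.
$sampleCsv = @'
"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Administrators","Alias","S-1-5-32-544","Mandatory group, Enabled by default, Enabled group, Group owner"
"FABRIKAM\delegatedLSSetup","Group","S-1-5-21-1111111111-2222222222-3333333333-1105","Mandatory group, Enabled by default, Enabled group"
"FABRIKAM\RTCUniversalServerAdmins","Group","S-1-5-21-1111111111-2222222222-3333333333-1110","Mandatory group, Enabled by default, Enabled group"
'@

function Test-OcsDelegatedToken {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [object[]] $Groups,       # rows from ConvertFrom-Csv
        [Parameter(Mandatory = $true)] [string]   $TrusteeGroup  # e.g. FABRIKAM\delegatedLSSetup
    )
    # Well-known domain RIDs of admin groups a delegated installer should NOT hold.
    $privilegedRids = @{ '512' = 'Domain Admins'; '518' = 'Schema Admins'; '519' = 'Enterprise Admins' }

    $excess = @(foreach ($g in $Groups) {
        if ($g.SID -match '^S-1-5-21-\d+-\d+-\d+-(\d+)$' -and $privilegedRids.ContainsKey($Matches[1])) {
            '{0} ({1})' -f $g.'Group Name', $privilegedRids[$Matches[1]]
        }
    })
    # Under UAC a non-elevated token lists Administrators as "deny only"; that does not count.
    $localAdmin = @($Groups | Where-Object {
        $_.SID -eq 'S-1-5-32-544' -and $_.Attributes -notmatch 'deny only' }).Count -gt 0

    New-Object psobject -Property @{
        InTrusteeGroup   = @($Groups | ForEach-Object { $_.'Group Name' }) -contains $TrusteeGroup
        IsLocalAdmin     = $localAdmin
        ExcessPrivileges = $excess
    }
}

$rows = $sampleCsv | ConvertFrom-Csv
# On the server itself, use instead: $rows = whoami /groups /fo csv | ConvertFrom-Csv
$result = Test-OcsDelegatedToken -Groups $rows -TrusteeGroup 'FABRIKAM\delegatedLSSetup'
$result | Format-List
if (-not $result.InTrusteeGroup -or -not $result.IsLocalAdmin -or $result.ExcessPrivileges.Count -gt 0) {
    Write-Warning 'Token does not match the delegated-setup model: check group membership.'
}
```

Run it in the delegated installer's own session on the target server and on the BE SQL server, since local Administrators membership is per machine.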
This is where the real value of OCS is. I can invite users outside my organization (Visiting Staff, Educators, Students) to participate or lead in a web conference. The tool to do this is the OCS Conferencing Add-in for Outlook. In this short video I'll show you how to use it.
I had a few SameTime/Notes schools who were switching to Exchange 2007 and OCS 2007 ask me if there was a way to embed the Office Communicator client inside of Outlook. The answer is yes. There is a sample add-on available here, along with source. Here is what it looks like:
Is there a Vista gadget for Exchange or Communicator? Yes, click here. Here is what the OC gadget looks like:
Here is the Exchange Web Services gadget where you can load calendar, inbox, tasks in a gadget. It will also pop up a side window when items are clicked:
Is there a way to get OCS within my Lotus Notes client while I am migrating to Exchange? Yes, there is a sample Communicator add-on for Lotus Notes here. Here is what it looks like:
I hope this provides some information around additional options for connecting to OCS.
I have a customer that's asked about OCS Global settings and whether to install in the system container of the root domain or in configuration partition. Reasons for setting objects into configuration partition include:
limited access to the root domain
distributed domain architecture
empty root domain structure.
I'll do a shameless plug and point out one of my colleague's blog entries on this: http://communicationsserverteam.com/archive/2008/04/18/152.aspx. His entry includes a decision matrix for deployment.
Options are also detailed in the OCS AD Guide: Active Directory Global Settings and Objects.
http://technet.microsoft.com/en-us/library/bb803604.aspx
I found out something new today. If you are PIC (Public IM Connector) enabled in OCS you get a great benefit from AOL. AOL includes an SMS service. I can go into communicator and send a message to a mobile user using communicator. This is really cool. All you need is the E.164 number with @aol.com
Let’s take this one step further. I have a customer that asked me today about using speech server for Emergency Management. In this scenario they would like to use Speech Server to send text messages to cell users via SMS. This can be done with the UC AJAX API and Speech Server. Our partners can help design systems to do this.
I’ve included some code samples and some webcasts that show more on how to use UC AJAX API to build contextual applications. Driving Contextual Collaboration with Office Communicator 2007
Incoming Call Screen Pop (Microsoft Unified Communications Client API 1.0 Sample): Registers for incoming calls and pops up another app based on the caller ID info.
http://www.microsoft.com/downloads/details.aspx?FamilyId=84AC7DD7-99D3-48F7-99D7-A281BD616407&displaylang=en
Presence in a Communications Web Client (Microsoft Unified Communications AJAX API Sample): Shows how to use the UC AJAX Services API to put presence and IM into a web app.
http://www.microsoft.com/downloads/details.aspx?FamilyId=AEBFA4E2-B30E-43A6-BF34-6403465BC9A9&displaylang=en
Presence in Web Applications (Microsoft Office Communicator 2007 Automation API Sample): Shows how to use the MOC automation API to show presence in web pages. Uses the name.ctrl that SharePoint uses as well as the custom ActiveX presence control.
http://www.microsoft.com/downloads/details.aspx?FamilyId=32CA6DA5-42A2-4B96-B13C-644AD8256645&displaylang=en
Presence in Managed Applications (Microsoft Office Communicator 2007 Automation API Sample): Uses the MOC automation API and two custom WinForms controls to show presence in WinForms apps and launch collaboration sessions.
http://www.microsoft.com/downloads/details.aspx?FamilyId=CBD51E8A-13BB-4F06-9CD5-E737E51E4B54&displaylang=en
Presence in Rich Clients (Unified Communications 2007 AJAX Service Sample): Shows how to use the UC AJAX Services to provide presence and IM in a rich client app.
http://www.microsoft.com/downloads/details.aspx?FamilyId=7F11D95D-5AFD-4B8A-84AF-4B7A9720AADF&displaylang=en
Ethical Walls for Microsoft Office Communications Server 2007 (Microsoft Office Communications Server 2007 API Sample): Uses the OC Server API to show how to block sessions between specified users at the server level.
http://www.microsoft.com/downloads/details.aspx?FamilyId=070DBCAB-472A-4EC1-AEAC-9273ECCD70C9&displaylang=en
Custom Alerting (Microsoft Office Communications Server 2007 API Sample): Uses a custom desktop client written using the UCC API and an alert sender written using the UCMA API to send alerts to users.
http://www.microsoft.com/downloads/details.aspx?FamilyId=9EFC784B-E443-4441-926C-5FD405D41BD9&displaylang=en
Group and Contact Management Using WMI (Microsoft Office Communications Server 2007 WMI API Sample): Sample of using the WMI management API for OCS to create and maintain contacts and contact groups for users.
http://www.microsoft.com/downloads/details.aspx?FamilyId=5FAF0725-7139-401C-A848-086A529CC78E&displaylang=en
Group and Contact Management Using Communicator Automation (Microsoft Office Communicator 2007 Automation API Sample): Shows how to use the MOC automation API to manage users and groups on the client desktop.
http://www.microsoft.com/downloads/details.aspx?FamilyId=C334685A-4C9D-416F-BCFB-BD79613EE34C&displaylang=en
Office Communicator 2007 Automation API Capabilities (Microsoft Office Communicator 2007 Automation API Sample): Shows some of the more advanced features of the MOC automation API such as custom conversation logging and causing incoming session windows to get focus.
http://www.microsoft.com/downloads/details.aspx?FamilyId=36E27ADD-D45E-4057-9CD6-7F62B792B0B6&displaylang=en
I just reinstalled Exchange 2007 on Windows 2008 in Hyper-V and I was coming across an error with the ISAPI Filters.
Event ID: 2268 Raw Event ID : 2268 Record Nr. : 3746 Source: W3SVC-WP Category: None Type : Error Machine : EX2007EDU Description: Could not load all ISAPI filters for site “Default Web Site”. Therefore startup aborted.
Basically, this happens when the site where OWA is installed is running either in 32-bit mode or under ASP.NET 1.1. Since Exchange 2007 Outlook Web Access 2007 only runs on ASP.NET 2.0 in 64-bit mode, you need to set it back.
First, disable 32-bit mode for your web site. By default OWA goes into the Default Web Site context (0), so the following will take care of that:
cscript C:\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 0
Second, register ASP.NET 2.0 as the default framework for that web site:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727> aspnet_regiis.exe -i
Start installing ASP.NET (2.0.50727).
……………………………….
Finished installing ASP.NET (2.0.50727)
Restart IIS and you should be all set.